
Cyber Incident Victim: City of Phoenix

Date: Oct 2014

Location: United States of America

Summary

The City of Phoenix experienced a multi-day distributed denial-of-service (DDoS) attack that disrupted public services, including police operations, by preventing officers from accessing suspect information from patrol vehicles during a 45-minute outage. The city's Chief Information Security Officer stated the attackers likely sought to steal personally identifiable information for financial gain, though no data was exfiltrated due to successful defensive measures. The incident broadly impacted all public service computer systems, necessitating collaboration with the FBI and technology partners to mitigate the attacks. Intermittent website availability occurred during maintenance and investigative efforts to identify potential attacker traces.


Description

In late October 2014, the City of Phoenix, Arizona, experienced a sustained distributed denial-of-service (DDoS) attack targeting its public service computer systems. The attacks occurred over multiple consecutive days, culminating in a significant disruption on a Saturday that caused a 45-minute outage across city servers. This outage impaired critical public safety operations, preventing police officers from accessing real-time data through in-vehicle computers. Officers could not perform searches for suspect information, license plate checks, or criminal record lookups during the incident. Radio communications remained functional as the primary field coordination method, allowing basic information exchange between officers. The attack affected the entire public service computer infrastructure rather than targeting specific departments. City officials, including Chief Information Security Officer Randell Smith, confirmed no sensitive data exfiltration occurred despite the attackers' suspected objective of harvesting personally identifiable information (PII) for financial exploitation. The intensity and persistence of the attacks led a deputy city manager to characterize them as coordinated denial-of-service incidents.

The City of Phoenix engaged the FBI and technology partners to investigate the attacks and implement countermeasures. Maintenance activities and forensic analysis of potential attacker traces caused intermittent website availability until midnight the following Tuesday. Smith publicly stated the city’s defensive measures successfully prevented data breaches, though the attackers’ identities and precise motivations remained undetermined. The incident highlighted the accessibility of DDoS attack tools, with the article noting such services could be rented for as little as $100 per week against basic targets or up to $500 weekly for more resilient systems. No evidence emerged regarding whether the Phoenix attackers utilized these commercial services. The city did not disclose specific technical details about mitigation strategies or long-term operational impacts beyond the confirmed 45-minute service interruption and temporary degradation of police information systems.
